AWS S3 policy setting
Trying to set an AWS S3 policy, and I would have thought that if I were to set it directly on the S3 bucket itself, I wouldn't have to add a resource. Boy, was I wrong.
This policy was the one that worked, after so much time messing around with it. So the principal must be a valid ARN. The resource too must be a legit ARN resource.
In this example, I am denying a user from uploading. Even though this user is configured to have ALL S3 permissions by default, having this policy blocks the principal from uploading to this bucket.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PolicyForDenyUploadWithACL",
      "Effect": "Deny",
      "Principal": {
        "AWS": "must-be-a-valid-arn-principal"
      },
      "Action": "s3:PutObject",
      "Resource": "must-be-a-valid-arn-resource/*"
    }
  ]
}
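An added example (not part of the original post) that lints a bucket-policy statement for the two requirements above and models why the explicit Deny beats the user's s3:* Allow. The account ID, user name, bucket name, the simplified ARN patterns and the function names are assumptions; the evaluation assumes user and bucket are in the same account and ignores conditions, SCPs and permission boundaries.

```python
import re
from fnmatch import fnmatchcase

# Simplified patterns (assumption): IAM users, roles, account root, and S3 ARNs only.
PRINCIPAL_RE = re.compile(r"^(\*|\d{12}|arn:aws[a-z-]*:iam::\d{12}:(root|user/.+|role/.+))$")
RESOURCE_RE = re.compile(r"^arn:aws[a-z-]*:s3:::[^/]+(/.*)?$")

# Constructed sample values: the account ID, user name and bucket name are placeholders.
USER = "arn:aws:iam::111122223333:user/example-uploader"
BUCKET = "arn:aws:s3:::example-bucket"
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PolicyForDenyUploadWithACL", "Effect": "Deny",
    "Principal": {"AWS": USER},
    "Action": "s3:PutObject",
    "Resource": BUCKET + "/*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def principals_of(stmt):
    p = stmt.get("Principal")
    if isinstance(p, dict):
        return as_list(p.get("AWS", []))
    return as_list(p) if p else []

def lint_statement(stmt):
    """List the Principal/Resource problems in one bucket-policy statement."""
    principals, resources = principals_of(stmt), as_list(stmt.get("Resource", []))
    problems = [] if principals else ["Principal is missing"]
    problems += [f"invalid principal: {p}" for p in principals if not PRINCIPAL_RE.match(p)]
    problems += [] if resources else ["Resource is missing"]
    problems += [f"invalid resource: {r}" for r in resources if not RESOURCE_RE.match(r)]
    return problems

def action_matches(action, patterns):
    return any(fnmatchcase(action.lower(), p.lower()) for p in as_list(patterns))

def decide(policy, identity_actions, principal, action, resource):
    """Explicit Deny in the bucket policy overrides any Allow the identity has."""
    effects = [s["Effect"] for s in policy["Statement"]
               if principal in principals_of(s) or "*" in principals_of(s)
               if action_matches(action, s["Action"])
               if any(fnmatchcase(resource, r) for r in as_list(s["Resource"]))]
    if "Deny" in effects:
        return "Deny"
    allowed = "Allow" in effects or action_matches(action, identity_actions)
    return "Allow" if allowed else "Deny"
```

Calling `decide(POLICY, ["s3:*"], USER, "s3:PutObject", BUCKET + "/report.csv")` returns "Deny", while the same call with "s3:GetObject" returns "Allow", so only uploads to this bucket are blocked.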